{
  "clientId": "{{ KEYCLOAK_CLIENT_ID }}",
  "name": "",
  "description": "",
  "rootUrl":  "{{ KEYCLOAK_REALM_URL }}",
  "adminUrl": "{{ KEYCLOAK_REALM_URL }}",
  "baseUrl":  "{{ KEYCLOAK_REALM_URL }}",
  "surrogateAuthRequired": false,
  "enabled": true,
  "alwaysDisplayInConsole": false,
  "clientAuthenticatorType": "client-secret",
  "secret": "{{ OIDC.CLIENT.SECRET }}",
  {# The following line should be covered by 02_update_client_redirects.yml #}
  "redirectUris": {{ KEYCLOAK_REDIRECT_URIS | to_json }},
  "webOrigins": {{ KEYCLOAK_WEB_ORIGINS | to_json }},
  "notBefore": 0,
  "bearerOnly": false,
  "consentRequired": false,
  "standardFlowEnabled": true,
  "implicitFlowEnabled": true,
  "directAccessGrantsEnabled": true,
  "serviceAccountsEnabled": true,
  "publicClient": false,
  "frontchannelLogout": true,
  "protocol": "openid-connect",
  "attributes": {
    "frontchannel.logout.url": {{ KEYCLOAK_FRONTCHANNEL_LOGOUT_URL | to_json }},
    "realm_client": "false",
    "oidc.ciba.grant.enabled": "false",
    "client.secret.creation.time": "0",
    "backchannel.logout.session.required": "true",
    "post.logout.redirect.uris": {{ KEYCLOAK_POST_LOGOUT_URIS | to_json }},
    "frontchannel.logout.session.required": "true",
    "oauth2.device.authorization.grant.enabled": "false",
    "display.on.consent.screen": "false",
    "use.jwks.url": "false",
    "backchannel.logout.revoke.offline.tokens": "false"
  },
  "authenticationFlowBindingOverrides": {},
  "fullScopeAllowed": true,
  "nodeReRegistrationTimeout": -1,
  "defaultClientScopes": [
    "web-origins",
    "service_account",
    "acr",
    "roles",
    "profile",
    "basic",
    "email"
  ],
  "optionalClientScopes": [
    "address",
    "phone",
    "organization",
    "offline_access",
    "microprofile-jwt",
    "{{ applications | get_app_conf(application_id, 'scopes.rbac_roles', True) }}",
    "{{ applications | get_app_conf(application_id, 'scopes.nextcloud', True) }}"
  ]
}